
Untitled

a guest
Aug 2nd, 2018
  /**
   * Derives the stored form of a password: the SHA-1 digest of the site-wide
   * salt followed by the plain-text password.
   *
   * Security note: the same PASSWORD_SALT constant is prepended for every
   * account and SHA-1 is one fast hash round, so equal passwords produce
   * equal digests and a leaked users table can be tested offline quickly.
   * Moving to password_hash()/password_verify() changes the stored format and
   * must be done together with every caller that compares this value by
   * equality, plus a rehash of existing rows, so it is not done here.
   *
   * @param string $password Plain-text password as entered by the user.
   * @return string Hexadecimal SHA-1 digest of salt . password.
   */
  public function ProtectPassword($password){
      // PASSWORD_SALT is expected to come from this include.
      include_once("secure/constants.php");

      return sha1(PASSWORD_SALT . $password);
  }
  8.  
  9. ----------------------
  10.  
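  /**
   * Authenticates a user by e-mail address and password. On success it marks
   * the account as logged in, writes the login to the Log class and stores
   * the user's id and name in the session.
   *
   * Return value (kept as it was for existing callers, and not uniform):
   *  - true   on a successful login,
   *  - false  when the password does not match,
   *  - string a "disabled account" message when IsUserActive() is falsy.
   * The string is truthy, so callers must test the result with === true.
   *
   * Changes from the previous version: the failure branch no longer prints
   * the submitted password, the stored hash and the stored e-mail address;
   * database errors go to the server log instead of the response; the
   * session id is renewed on login.
   *
   * NOTE(review): the mysql_* extension used here has no prepared statements
   * and was removed in PHP 7. The queries rely on mysql_prep() for escaping;
   * moving the class to PDO or mysqli with bound parameters is the durable
   * fix, but the connection is owned by ConnectDB(), outside this excerpt.
   *
   * @param string $username E-mail address used as login name.
   * @param string $password Plain-text password.
   * @return bool|string See above.
   */
  function Login($username, $password){

      $this->ConnectDB();

      // Lower-case the address, then run it through the class's escaping
      // helper before it is placed in SQL.
      // NOTE(review): mysql_prep() is not visible here; confirm it escapes
      // for the active connection.
      $username = $this->mysql_prep(strtolower($username));

      $userId = $this->getUserID($username);

      if(!$this->IsUserActive($userId)){
          // NOTE(review): if IsUserActive() is also falsy for an unknown
          // address, this answer differs from the wrong-password answer and
          // tells a client which addresses are registered; verify.
          return "This account is marked as disabled. Contact the webmaster.";
      }

      $hashed_password = $this->ProtectPassword($password);

      $query = "SELECT hashed_password, email FROM users WHERE email = '$username'";
      $result = mysql_query($query);

      if(!$result){
          // The driver message stays in the server log; the client gets a
          // generic text. die() is kept because the script stopped here before.
          error_log("Login: credential lookup failed: " . mysql_error());
          die("Login is temporarily unavailable.");
      }

      $row = mysql_fetch_assoc($result);
      // No row means no such address; treat it like a wrong password.
      $dbPass = $row ? $row['hashed_password'] : null;

      if($hashed_password !== $dbPass){
          // Only the status text is printed. Credentials and stored hashes
          // must never be written to the response.
          echo "inte inloggad <br/>";
          return false;
      }

      // Renew the session id at the privilege change so an id that was known
      // before login does not stay valid afterwards. Skipped when no session
      // is active or when the cookie could no longer be sent.
      if(session_id() !== '' && !headers_sent()){
          session_regenerate_id(true);
      }

      //Update the logged_in state to 1, eg true
      $query = "UPDATE user_state SET logged_in = '1' WHERE user_id = '$userId'";
      if(!mysql_query($query)){
          error_log("Login: could not update user_state: " . mysql_error());
      }

      //Include the Log class and log that the user logged in
      include_once("Log.class.php");
      $logger = new Log();
      $logger->logLogin($userId);
      $logger->logInteract($userId);

      //Save the userID and username in a session
      $_SESSION['userID'] = $userId;
      $_SESSION['username'] = $username;
      session_write_close();
      echo "logged in";

      return true;
  }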
  83.  
  84.  
  85. -------------------
  86.  
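  /**
   * Registers a new account: validates the input, inserts the users row and
   * then the default role and state rows.
   *
   * Return value (kept as it was for existing callers):
   *  - string a user-facing message (success, address taken, generic failure),
   *  - false  when the phone number or postal number fails validation.
   *
   * Changes from the previous version:
   *  - The phone number is checked against an anchored allow-list and then
   *    escaped like the other fields. The old pattern only rejected values
   *    that ended in a disallowed character, so other characters inside the
   *    value were accepted and the value reached the INSERT unescaped.
   *  - A postal number that fails validation is HTML-escaped before it is
   *    echoed back, and the pattern no longer tolerates a trailing newline.
   *  - The user id lookup that ran before the INSERT was unused and is gone.
   *
   * NOTE(review): the mysql_* extension has no prepared statements and was
   * removed in PHP 7; bound parameters via PDO or mysqli are the durable fix
   * once ConnectDB() (outside this excerpt) is migrated.
   * NOTE(review): the three INSERTs are not wrapped in a transaction, and the
   * "taken" check and the INSERT are separate statements; a unique index on
   * users.email is needed to rule out duplicates. Verify the schema.
   *
   * @param string $username     E-mail address used as login name.
   * @param string $password     Plain-text password.
   * @param string $name         First name.
   * @param string $surName      Surname.
   * @param string $cellphone    Phone number; digits, spaces, "-", "(", ")", "+", optional extension.
   * @param string $adress       Street address.
   * @param string $postalNumber Five digits, optionally written as "123 45".
   * @param string $city         City.
   * @return string|false See above.
   */
  function Register($username, $password, $name, $surName,
                    $cellphone, $adress, $postalNumber, $city){
      $this->ConnectDB();

      // Lower-case and escape the address first so the "taken" lookup and the
      // INSERT both see the same value.
      // NOTE(review): mysql_prep() is not visible here; confirm it escapes
      // for the active connection.
      $username = $this->mysql_prep(strtolower($username));

      if($this->isUsernameTaken($username)){
          return "That email is already registered here.";
      }

      //Hash and salt password
      $hashed_password = $this->ProtectPassword($password);

      //Ensure we're not getting any bad stuff into the database
      $name = $this->mysql_prep($name);
      $surName = $this->mysql_prep($surName);
      $city = $this->mysql_prep($city);
      $adress = $this->mysql_prep($adress);

      // Allow-list for the whole value: phone punctuation and digits, ending
      // in a digit, with an optional "x"/"ext" extension of 1-5 digits.
      // An empty value fails because at least one digit is required.
      $phonePattern = '/^[0-9()+\- ]*[0-9](?:[ ]?(?:x|ext)[.]?[ ]?[0-9]{1,5})?\z/';
      if(preg_match($phonePattern, $cellphone) !== 1){
          echo "Cellphone number not valid, try again";
          return false;
      }
      // Escaped as well, so the query does not depend on the pattern alone.
      $cellphone = $this->mysql_prep($cellphone);

      // Postal number: 12345 or 123 45. \z instead of $ so a trailing newline
      // is not accepted.
      if(preg_match('/^[0-9]{3}[ ]?[0-9]{2}\z/', $postalNumber) !== 1){
          echo 'Inte valid';
          echo "<br/>";
          // The rejected value is untrusted; escape it for the HTML context.
          echo htmlspecialchars((string) $postalNumber, ENT_QUOTES, 'UTF-8');
          return false;
      }
      // After the check above the value holds only digits and one optional space.
      echo 'Valid ';
      echo "<br/>";
      echo $postalNumber;

      $failureMessage = "Something went wrong in the registration-process, please try again later.";

      //Create a new user
      $registerQuery = "INSERT INTO users (email, hashed_password, first_name, sur_name, cellphone, adress, postal_number, city)
                      VALUES('$username', '$hashed_password', '$name', '$surName',
                              '$cellphone', '$adress', '$postalNumber', '$city')";

      if(!mysql_query($registerQuery)){
          return $failureMessage;
      }

      echo "registrerat" . "<br/>";

      $this->ConnectDB();

      $userId = $this->GetUserID($username);

      // Default role for a new account (role_id 1), then the default state:
      // last interaction now, not logged in, active.
      $defaultRoleQuery = "INSERT INTO `user_roles`(`user_id`, `role_id`)
                              VALUES ('$userId', 1)";
      $userStateQuery = "INSERT INTO `user_state`(`user_id`, `last_interaction`, `logged_in`, `active`)
                              VALUES ('$userId', now(), 0, 1)";

      // && short-circuits: the state row is only attempted once the role row exists.
      if(mysql_query($defaultRoleQuery) && mysql_query($userStateQuery)){
          return "Successfully registered!";
      }

      // One of the follow-up inserts failed: remove the users row again.
      // NOTE(review): a user_roles row inserted above is not removed here.
      $query = "DELETE FROM users WHERE user_id = '$userId'";
      mysql_query($query);

      return $failureMessage;
  }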